P
US11630704B2ExpiredUtilityPatentIndex 94

System and method for a workload management and scheduling module to manage access to a compute environment according to local and non-local user identity information

Assignee: III HOLDINGS 12 LLCPriority: Aug 20, 2004Filed: Aug 9, 2019Granted: Apr 18, 2023
Est. expiryAug 20, 2024(expired)· nominal 20-yr term from priority
Inventors:JACKSON DAVID B
G06F 9/5072G06F 9/44552G06F 9/468G06F 21/305G06F 9/4881G06F 2209/483
94
PatentIndex Score
14
Cited by
2,381
References
8
Claims

Abstract

A system, method and computer-readable media for managing a compute environment are disclosed. The method includes importing identity information from an identity manager into a module performs workload management and scheduling for a compute environment and, unless a conflict exists, modifying the behavior of the workload management and scheduling module to incorporate the imported identity information such that access to and use of the compute environment occurs according to the imported identity information. The compute environment may be a cluster or a grid wherein multiple compute environments communicate with multiple identity managers.

Claims

exact text as granted — not AI-modified
I claim: 
     
       1. A method for managing access to a compute environment according to local and non-local identity information, comprising:
 periodically sending, by a management module executing on a processor in a first compute environment to an identity manager shared by the first compute environment and a second compute environment, local identity information of the first compute environment that includes credentials associated with at least one of users, groups of users, accounts, projects, classes, queues, and qualities of service; 
 periodically importing, by the management module, identity information from the identity manager; 
 scheduling, by the management module, a workload that consumes resources in the first compute environment by:
 determining, by the management module, a conflict between local identity information and the imported identity information from the identity manager; 
 resolving the conflict, by the management module, between the imported identity information and local identity information, wherein the local identity information comprises local configuration information on an arrangement of computers and computer types in the first compute environment to produce a conflict resolution, wherein the resolving a conflict comprises determining a priority between the imported identity information and the local identity information by applying rules that determine whether the identity information or the local configuration information has precedence; 
 modifying allocation of resources for the workload based on the conflict resolution such that a scheduling decision associated with a resource in the first compute environment is based at least in part on the conflict resolution, wherein in response to the conflict being resolved in favor of the local configuration information, access to and use of the first compute environment are managed according to the local configuration information; 
 
 running the workload; and 
 while running the workload, sending, by the management module, to the identity manager, updated identity information, wherein the updated identity information is available to the second compute environment in an event that the workload is transferred to the second compute environment. 
 
     
     
       2. The method of  claim 1 , wherein resolving the conflict between the imported identity information and the local identity information comprises determining in advance which source of information is more authoritative. 
     
     
       3. The method of  claim 1 , wherein the local identity information further comprises information associated with at least one of default credential associations and credential specification constraints. 
     
     
       4. The method of  claim 3 , wherein the default credential associations define credentials for users for whom no specified constraints exist and credential specification constraints further comprise constraints related to at least one of:
 a service level agreement, priority information, usage limit information, fairshare targets, service guarantees, resource constraints, usage statistics, contact information and billing information. 
 
     
     
       5. A system for managing access to a compute environment according to local and non-local identity information, the system comprising:
 a processor; and 
 a non-transitory computer-readable storage medium storing instructions, which, when executed by the processor, cause the processor to perform operations comprising:
 periodically sending, by a management module executing on a processor in a first compute environment to an identity manager shared by the first compute environment and a second compute environment, local identity information of the first compute environment that includes credentials associated with at least one of users, groups of users, accounts, projects, classes, queues, and qualities of service; 
 periodically importing, by the management module, identity information from the identity manager; 
 scheduling, by the management module, a workload that consumes resources in the first compute environment by:
 determining, by the management module, a conflict between local identity information and the imported identity information from the identity manager; 
 resolving the conflict, by the management module, between the imported identity information and local identity information, wherein the local identity information comprises local configuration information on an arrangement of computers and computer types in the first compute environment to produce a conflict resolution, wherein the resolving a conflict comprises determining a priority between the imported identity information and the local identity information by applying rules that determine whether the identity information or the local configuration information has precedence; 
 modifying allocation of resources for the workload based on the conflict resolution such that a scheduling decision associated with a resource in the first compute environment is based at least in part on the conflict resolution, wherein in response to the conflict being resolved in favor of the local configuration information, access to and use of the first compute environment are managed according to the local configuration information; 
 
 
 running the workload; and 
 while running the workload, sending, by the management module, to the identity manager, updated identity information, wherein the updated identity information is available to the second compute environment in an event that the workload is transferred to the second compute environment. 
 
     
     
       6. The system of  claim 5 , wherein the local identity information further comprises information associated with at least one of default credential associations and credential specification constraints. 
     
     
       7. The system of  claim 6 , wherein the default credential associations define credentials for users for whom no specified constraints exist and credential specification constraints further comprise constraints related to at least one of: a service level agreement, priority information, usage limit information, fairshare targets, service guarantees, resource constraints, usage statistics, contact information and billing information. 
     
     
       8. A non-transitory computer-readable storage device storing instructions for managing a compute environment, which, when executed by a processor, cause the processor to perform operations comprising:
 periodically sending, by a management module executing on a processor in a first compute environment to an identity manager shared by the first compute environment and a second compute environment, local identity information of the first compute environment that includes credentials associated with at least one of users, groups of users, accounts, projects, classes, queues, and qualities of service; 
 periodically importing, by the management module, identity information from the identity manager; 
 scheduling, by the management module, a workload that consumes resources in the first compute environment by:
 determining, by the management module, a conflict between local identity information and the imported identity information from the identity manager; 
 resolving the conflict, by the management module, between the imported identity information and local identity information, wherein the local identity information comprises local configuration information on an arrangement of computers and computer types in the first compute environment to produce a conflict resolution, wherein the resolving a conflict comprises determining a priority between the imported identity information and the local identity information by applying rules that determine whether the identity information or the local configuration information has precedence; 
 modifying allocation of resources for the workload based on the conflict resolution such that a scheduling decision associated with a resource in the first compute environment is based at least in part on the conflict resolution, wherein in response to the conflict being resolved in favor of the local configuration information, access to and use of the first compute environment are managed according to the local configuration information; 
 
 running the workload; and 
 while running the workload, sending, by the management module, to the identity manager, updated identity information, wherein the updated identity information is available to the second compute environment in an event that the workload is transferred to the second compute environment.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.